17 lines
475 B
TypeScript
17 lines
475 B
TypeScript
// app/api/auth/clear-cookie/route.ts
|
|
// Clears the HttpOnly auth cookie on logout.
|
|
// Only the server can delete an HttpOnly cookie.
|
|
|
|
import { NextResponse } from "next/server";
|
|
|
|
export async function POST() {
|
|
const response = NextResponse.json({ ok: true });
|
|
|
|
// Overwrite the cookie with an empty value and a past expiry date.
|
|
response.headers.set(
|
|
"Set-Cookie",
|
|
"auth_token=; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=0",
|
|
);
|
|
|
|
return response;
|
|
} |